The latest articles on DEV Community by Yaroslav Polyakov (@yaroslaff). https://dev.to/yaroslaff https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F957071%2F396bc340-4607-4f50-a3cb-6eef4cc4a6c2.png https://dev.to/yaroslaff en Yaroslav Polyakov Mon, 29 Jan 2024 19:56:18 +0000 https://dev.to/yaroslaff/your-own-certificate-authority-ca-in-one-simple-command-23ob https://dev.to/yaroslaff/your-own-certificate-authority-ca-in-one-simple-command-23ob <p>You can find many instructions how to make certificates with OpenSSL. OpenSSL is very good except... it's too complex. </p> <p><a href="https://github.com/yaroslaff/showcert" rel="noopener noreferrer">Showcert</a> is OpenSSL for humans, much simpler to use and it has <code>gencert</code> utility to generate certificates. Very easy.</p> <h2> Generate self-signed cert with simple command </h2> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>gencert example.com www.example.com </code></pre> </div> <p>This will make self-signed cert. Easy, isn't it?</p> <h2> Your own CA </h2> <p>Generate CA certificate (1 command):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>gencert --ca MyCA </code></pre> </div> <p>Thats all! Now, you can import generated <code>MyCA.pem</code> file to browsers and generate signed certificates for sites:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>gencert --cacert MyCA.pem --cakey MyCA.key example.com </code></pre> </div> <p>What could be simpler?</p> <p>Install <a href="https://github.com/yaroslaff/showcert" rel="noopener noreferrer">showcert</a> and play for yourself.</p> ssl tls https openssl Yaroslav Polyakov Thu, 25 Jan 2024 16:24:17 +0000 https://dev.to/yaroslaff/great-design-trick-i-learned-in-x509-critical-extension-1gjd https://dev.to/yaroslaff/great-design-trick-i-learned-in-x509-critical-extension-1gjd <p>Good software, file formats and network protocols are extendable. You may develop new version later, but it should interoperate with older version. Old client software must work with new server and vice versa. Old software must open files created by new version of software and vice versa.</p> <p>Extensions are good for this, but usually it comes with problem: How should software work, if it finds unknown extension? Often answer is simple - "just ignore it". Skip unknown extension and process file/request. (Same as your web app does if HTTP request has unknown header - it just does not looks at it)</p> <p>But sometimes this approach will fail. Sometimes simple ignoring extension will not work (especially in security area). And here comes "critical extension". Extension has some identified and simple boolean flag "critical". </p> <p>If software founds unknown extension it looks for flag. if not critical - ignore extension and go on. If critical - sorry, this software can not process this file/request (and it's very good if old software knows when it can process new data and when it should not try).</p> <p><a href="https://datatracker.ietf.org/doc/html/rfc5280" rel="noopener noreferrer">https://datatracker.ietf.org/doc/html/rfc5280</a></p> ssl softwareengineering x509 rfc5280 Yaroslav Polyakov Mon, 18 Dec 2023 19:30:29 +0000 https://dev.to/yaroslaff/simple-decorator-to-retry-after-exception-5a6 https://dev.to/yaroslaff/simple-decorator-to-retry-after-exception-5a6 <p>Typical situation: you have unreliable function, for example, doing HTTP requests and getting exception from time to time. Maybe connection went down temporary or 429 Too Many requests problem, or remote service itself is temporary broken. </p> <p>One simple decorator solves problem:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">functools</span> <span class="k">def</span> <span class="nf">retry</span><span class="p">(</span><span class="n">num_times</span><span class="o">=</span><span class="mi">1</span><span class="p">):</span> <span class="k">def</span> <span class="nf">decorator_repeat</span><span class="p">(</span><span class="n">func</span><span class="p">):</span> <span class="nd">@functools.wraps</span><span class="p">(</span><span class="n">func</span><span class="p">)</span> <span class="k">def</span> <span class="nf">wrapper_repeat</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">):</span> <span class="n">last_exception</span> <span class="o">=</span> <span class="bp">None</span> <span class="k">for</span> <span class="n">n</span> <span class="ow">in</span> <span class="nf">range</span><span class="p">(</span><span class="n">num_times</span><span class="p">):</span> <span class="k">try</span><span class="p">:</span> <span class="n">r</span> <span class="o">=</span> <span class="nf">func</span><span class="p">(</span><span class="o">*</span><span class="n">args</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="k">except</span> <span class="nb">Exception</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span> <span class="n">last_exception</span> <span class="o">=</span> <span class="n">e</span> <span class="c1"># handle exception. log it or just pass </span> <span class="nf">print</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="s">Try #</span><span class="si">{</span><span class="n">n</span><span class="si">}</span><span class="s"> got exception </span><span class="si">{</span><span class="n">e</span><span class="si">}</span><span class="s">, but we will retry</span><span class="sh">"</span><span class="p">)</span> <span class="k">else</span><span class="p">:</span> <span class="k">return</span> <span class="n">r</span> <span class="k">raise</span> <span class="n">last_exception</span> <span class="k">return</span> <span class="n">wrapper_repeat</span> <span class="k">return</span> <span class="n">decorator_repeat</span> </code></pre> </div> <p>Lets use it with requests:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">requests</span> <span class="nd">@retry</span><span class="p">(</span><span class="mi">10</span><span class="p">)</span> <span class="k">def</span> <span class="nf">myhttp</span><span class="p">():</span> <span class="n">r</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">'</span><span class="s">https://httpbin.org/status/200,500,429</span><span class="sh">'</span><span class="p">)</span> <span class="n">r</span><span class="p">.</span><span class="nf">raise_for_status</span><span class="p">()</span> <span class="nf">print</span><span class="p">(</span><span class="n">r</span><span class="p">.</span><span class="n">status_code</span><span class="p">)</span> <span class="nf">myhttp</span><span class="p">()</span> </code></pre> </div> <p>Results:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Try #0 got exception 429 Client Error: TOO MANY REQUESTS for url: https://httpbin.org/status/200,500,429, but we will retry Try #1 got exception 500 Server Error: INTERNAL SERVER ERROR for url: https://httpbin.org/status/200,500,429, but we will retry Try #2 got exception 500 Server Error: INTERNAL SERVER ERROR for url: https://httpbin.org/status/200,500,429, but we will retry 200 </code></pre> </div> <p>This way you are immune against temporary problems which could be solved by retry (maybe with <code>time.sleep(10)</code>) but you will still get exception from long-time problems. Change URL in <code>myhttp()</code> to <a href="https://httpbin.org/status/500" rel="noopener noreferrer">https://httpbin.org/status/500</a> to see this.</p> python decorator exception requests Yaroslav Polyakov Thu, 12 Oct 2023 08:51:00 +0000 https://dev.to/yaroslaff/apache2-allows-cors-with-credentials-for-any-address-nha https://dev.to/yaroslaff/apache2-allows-cors-with-credentials-for-any-address-nha <p>You cannot use '*' in <code>Access-Control-Allow-Origin</code> and use <code>Access-Control-Allow-Credentials</code> at same time. And this is actually makes sense, but during development this dirty hack is useful (for apache2):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight apache"><code><span class="nc">SetEnvIf</span> Origin "^http(s)?://.*$" REQUEST_ORIGIN=$0 <span class="nc">Header</span> <span class="ss">always</span> <span class="ss">set</span> Access-Control-Allow-Origin %{REQUEST_ORIGIN}e env=REQUEST_ORIGIN <span class="nc">Header</span> <span class="ss">always</span> <span class="ss">set</span> Access-Control-Allow-Credentials true </code></pre> </div> <p>How it work in action (I'm using httpie instead of curl):</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight http"><code><span class="err">$ http -ph POST https://example.com/ Origin:https://google.com </span><span class="k">HTTP</span><span class="o">/</span><span class="m">1.1</span> <span class="m">200</span> <span class="ne">OK</span> <span class="na">Accept-Ranges</span><span class="p">:</span> <span class="s">bytes</span> <span class="na">Access-Control-Allow-Credentials</span><span class="p">:</span> <span class="s">true</span> <span class="na">Access-Control-Allow-Origin</span><span class="p">:</span> <span class="s">https://google.com</span> <span class="na">Connection</span><span class="p">:</span> <span class="s">Keep-Alive</span> <span class="na">Content-Encoding</span><span class="p">:</span> <span class="s">gzip</span> <span class="na">Content-Length</span><span class="p">:</span> <span class="s">1039</span> <span class="na">Content-Type</span><span class="p">:</span> <span class="s">text/html</span> <span class="na">Date</span><span class="p">:</span> <span class="s">Thu, 12 Oct 2023 08:50:33 GMT</span> <span class="na">ETag</span><span class="p">:</span> <span class="s">"9a1-6020521d58f80-gzip"</span> <span class="na">Keep-Alive</span><span class="p">:</span> <span class="s">timeout=5, max=100</span> <span class="na">Last-Modified</span><span class="p">:</span> <span class="s">Thu, 03 Aug 2023 13:55:26 GMT</span> <span class="na">Server</span><span class="p">:</span> <span class="s">Apache/2.4.56 (Debian)</span> <span class="na">Strict-Transport-Security</span><span class="p">:</span> <span class="s">max-age=31536000; includeSubDomains</span> <span class="na">Vary</span><span class="p">:</span> <span class="s">Accept-Encoding</span> <span class="na">X-Content-Type-Options</span><span class="p">:</span> <span class="s">nosniff</span> <span class="na">X-Frame-Options</span><span class="p">:</span> <span class="s">disabled</span> </code></pre> </div> <p>If you want it only for specific Origins:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight apache"><code> <span class="nc">SetEnvIf</span> Origin "^https?://(example.com|www.example.com)$" GOODORIGIN=$0 <span class="nc">Header</span> <span class="ss">set</span> Access-Control-Allow-Origin %{GOODORIGIN}e env=GOODORIGIN <span class="nc">Header</span> <span class="ss">set</span> Access-Control-Allow-Credentials "true" env=GOODORIGIN <span class="nc">Header</span> <span class="ss">merge</span> Vary Origin </code></pre> </div> apache2 cors security webdev Yaroslav Polyakov Wed, 18 Jan 2023 16:08:39 +0000 https://dev.to/yaroslaff/mix-static-client-side-rendering-on-same-page-with-sveltekit-4b61 https://dev.to/yaroslaff/mix-static-client-side-rendering-on-same-page-with-sveltekit-4b61 <p>I love static websites, because they are very fast and very good for SEO, google can 'read' it much better. But these days you need JavaScript almost everywhere.</p> <p>And I like Svelte as very easy to learn and use lightweight framework.</p> <p>I've found out, that it's not very simple to mix static rendering and CSR on same page. But possible. I will use time (JavaScript Date() result) as example data, but in production it can be your data, e.g. "BFGoodrich tyre" or "Red apples" or "War and Peace by Leo Tolstoy".</p> <p>Our example page will print very simple text:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Date: Wed, 18 Jan 2023 15:49:03 GMT Build: Wed, 18 Jan 2023 15:49:01 GMT </code></pre> </div> <p>First line (Date:) is content you calculated on client-side, when page is loaded. Second line (Build:) is build-time, something you calculated during <code>npm run build</code> which must be visible to search engine.</p> <h2> Create project </h2> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm create svelte@latest hybrid <span class="nb">cd </span>hybrid npm <span class="nb">install</span> </code></pre> </div> <h2> Enable static adapter </h2> <p>Install it: <code>npm i -D @sveltejs/adapter-static</code></p> <p>In svelte.config.js disable adapter-auto and use adapter-static:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="nx">adapter</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@sveltejs/adapter-static</span><span class="dl">'</span><span class="p">;</span> </code></pre> </div> <p>Now you can generate static website with <code>npm run build</code> and preview it with <code>npm run preview</code>.</p> <h2> src/routes/+page.server.js </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">export</span> <span class="kd">const</span> <span class="nx">prerender</span> <span class="o">=</span> <span class="kc">true</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">load</span><span class="p">()</span> <span class="p">{</span> <span class="k">return</span> <span class="p">{</span> <span class="na">t</span><span class="p">:</span> <span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toUTCString</span><span class="p">()</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <h2> src/routes/+page.svelte: </h2> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="o">&lt;</span><span class="nx">script</span><span class="o">&gt;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">browser</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">$app/environment</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">let</span> <span class="nx">data</span><span class="p">;</span> <span class="kd">var</span> <span class="nx">buildtime</span> <span class="o">=</span> <span class="nx">data</span><span class="p">.</span><span class="nx">t</span> <span class="o">&lt;</span><span class="sr">/script</span><span class="err">&gt; </span> <span class="nb">Date</span><span class="p">:</span> <span class="p">{</span><span class="err">#</span><span class="k">if</span> <span class="nx">browser</span><span class="p">}{</span><span class="k">new</span> <span class="nc">Date</span><span class="p">().</span><span class="nf">toUTCString</span><span class="p">()}{</span><span class="o">/</span><span class="k">if</span><span class="p">}</span> <span class="o">&lt;</span><span class="nx">br</span><span class="o">&gt;</span> <span class="nx">Build</span><span class="p">:</span> <span class="p">{</span><span class="nx">buildtime</span><span class="p">}</span> </code></pre> </div> <h2> Result </h2> <p>run: <code>npm run build &amp;&amp; npm run preview</code> and open <a href="http://localhost:4173/" rel="noopener noreferrer">http://localhost:4173/</a> you will see result. If you will reload page in a second, Date will change, but Build will stay same.</p> <p>Also, if you will open build/index.html you will see there:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight html"><code>... Date: <span class="nt">&lt;br&gt;</span> Build: Wed, 18 Jan 2023 15:58:18 GMT ... </code></pre> </div> <p>As you see, our statically generated content is clearly visible in page. </p> <h2> Explanation </h2> <p>in <code>+page.server.js</code> we set <code>prerendering=true</code> to generate static HTML site (with JS) as a result. And we return data with current Date(). We must convert it to string here, because client browser may have different timezone and Build: date will be "flashing" (initially it will have date in our timezone, and in fraction of second it will be overwritten). Not nice.</p> <p>in <code>+page.svelte</code> we use this data. Also we conditionally display new Date() (I used <code>.toUTCString()</code> here just to have both dates to look similar, it's not really needed). </p> <p>Without <code>{#if}</code> you'd get one date built-in HTML (displayed immediately when page loaded) and other date will overwrite it. Not nice visual effect. With <code>{#if}</code> we suppress first date and display only CSR date over empty page space.</p> <p>Using this method you can combine benefits for static and client-side rendered content at any SvelteKit page.</p> hackathon glsl blockchain gamedev Yaroslav Polyakov Thu, 12 Jan 2023 10:38:19 +0000 https://dev.to/yaroslaff/shell-oneliner-to-generate-passwords-47i8 https://dev.to/yaroslaff/shell-oneliner-to-generate-passwords-47i8 <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># 10 character random string from specified alphabet</span> &lt; /dev/urandom <span class="nb">tr</span> <span class="nt">-dc</span> <span class="s1">'[:graph:]'</span> | <span class="nb">head</span> <span class="nt">-c10</span><span class="p">;</span> <span class="nb">echo</span> </code></pre> </div> <p>Bash allows redirections at any part of command, so <code>&lt; file command args</code> above is same as <code>command args &lt; file</code>.</p> <p>Examples:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>KrvJz?TgbO T[7/9Lg9L9 bp[je2Og*l 93:m_Ss$z5 C}Z=-Nj-mn mG&lt;85C&gt;!i~ %&gt;7/]AWpMd </code></pre> </div> <p>If you do not want so many special characters, you may use something like: <code>'[:alnum:]_$#%-'</code><br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>JCPHawXEvr orq#0S7cUk 82H7g_cHtY um-#ACmny4 dYQFqGsX_d </code></pre> </div> discuss gratitude Yaroslav Polyakov Thu, 12 Jan 2023 10:04:40 +0000 https://dev.to/yaroslaff/drop-almost-all-outbound-mail-in-postfix-for-tests-3onh https://dev.to/yaroslaff/drop-almost-all-outbound-mail-in-postfix-for-tests-3onh <h2> Why to drop mail? </h2> <p>While troubleshooting mailman installation, I've come to a problem: I need to do many tests, but I do not want to disturb recipients of maillist with dozens of test messages. I do not know, if mailman3 has any feature for this kind of testing, but postfix has. </p> <h2> How to drop postfix mail except to whitelisted addresses </h2> <p>First, make sure, you have transport map enabled.</p> <p>Usually, this line could look like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>transport_maps = hash:/etc/postfix/transport </code></pre> </div> <p>Now, create other transport file, my /etc/postfix/blackhole:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>mydomain.net : mymailbox@gmail.com : * discard: </code></pre> </div> <p>With this config postfix will deliver to *@mydomain.net and to <a href="mailto:mymailbox@gmail.com">mymailbox@gmail.com</a>. </p> <p>run <code>postmap blackhole</code> to generate /etc/postfix/blackhole.db.</p> <p>add it to postfix transport with comma (if you already has transport map):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>transport_maps = hash:/path/to/other/transport/map, hash:/etc/postfix/blackhole </code></pre> </div> <p>(or as single element, if you had no transport_maps).</p> <p>Restart postfix: <code>postfix reload</code>. You're ready.</p> <h3> Testing </h3> <p>I sent few mails and here is what I have in logs:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Jan 12 09:53:17 list2 postfix/smtp[62239]: DB97418C0808: to=&lt;mymailbox@gmail.com&gt;, relay=gmail-smtp-in.l.google.com[173.194.76.27]:25, delay=0.41, delays=0.03/0.02/0.14/0.22, dsn=2.0.0, status=sent (250 2.0.0 OK 1673517197 g15-20020a056000118f00b002bdd88acc3dsi514695wrx.503 - gsmtp) Jan 12 09:53:34 list2 postfix/discard[62251]: 7943118C0808: to=&lt;test@test.com&gt;, relay=none, delay=0.02, delays=0.02/0/0/0, dsn=2.0.0, status=sent (test.com) </code></pre> </div> <p>First is log line for real delivery (<code>relay=</code> remote mailserver) and second is log line for blackhole delivery, <code>relay=none</code>).</p> tooling devops productivity Yaroslav Polyakov Mon, 09 Jan 2023 11:59:49 +0000 https://dev.to/yaroslaff/how-to-get-country-by-ip-address-3o48 https://dev.to/yaroslaff/how-to-get-country-by-ip-address-3o48 <p><a href="https://ipdeny.com/" rel="noopener noreferrer">ipdeny.com</a> provides nice free service for this. Download <a href="https://www.ipdeny.com/ipblocks/" rel="noopener noreferrer">country block</a> for any country you want and use it in your code.</p> <p>country block is simple CIDR list, e.g. for Afghanistan it starts with:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>23.88.192.0/19 43.230.209.0/24 43.250.136.0/22 ... </code></pre> </div> geolocation country ip Yaroslav Polyakov Wed, 04 Jan 2023 22:09:28 +0000 https://dev.to/yaroslaff/every-c-program-has-mainfalse-2g0a https://dev.to/yaroslaff/every-c-program-has-mainfalse-2g0a <p>actually, <code>_start</code> is real magic word.</p> <p>nomain.c:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight c"><code><span class="cp">#include</span> <span class="cpf">&lt;stdio.h&gt;</span><span class="cp"> </span> <span class="k">extern</span> <span class="kt">void</span> <span class="nf">_exit</span><span class="p">(</span><span class="k">register</span> <span class="kt">int</span><span class="p">);</span> <span class="kt">int</span> <span class="nf">_start</span><span class="p">(){</span> <span class="n">printf</span><span class="p">(</span><span class="s">"Hello world!</span><span class="se">\n</span><span class="s">"</span><span class="p">);</span> <span class="n">_exit</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nv">$ </span>gcc <span class="nt">-o</span> nomain nomain.c <span class="nt">-nostartfiles</span> <span class="nv">$ </span>./nomain Hello world! </code></pre> </div> beginners softwaredevelopment Yaroslav Polyakov Wed, 04 Jan 2023 09:05:29 +0000 https://dev.to/yaroslaff/apt-file-which-deb-package-to-install-to-get-x-41ck https://dev.to/yaroslaff/apt-file-which-deb-package-to-install-to-get-x-41ck <p>You need to get file X (e.g. hugo), what package to install?</p> <p>Long time ago, I got used to visit <a href="https://packages.debian.org/" rel="noopener noreferrer">packages.debian.org</a>, scroll down to second search form "Search the contents of packages" and search there.</p> <p>It's much easier to search with apt-file right from CLI:<br> Install:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>apt <span class="nb">install </span>apt-file apt-file update </code></pre> </div> <p>Now search:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ apt-file search hugo fish-common: /usr/share/fish/completions/hugo.fish gargoyle-free: /usr/lib/gargoyle/hugo hugo: /usr/bin/hugo hugo: /usr/share/bash-completion/completions/hugo hugo: /usr/share/doc/hugo/changelog.Debian.amd64.gz ... </code></pre> </div> <p>but if we will search for 'gcc', we will find 170000+ results because apt-find looks for substring match. (and 30k results for 'mc' substring). We should use <code>-x</code>/<code>--regexp</code> search:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>$ apt-file -x search bin/gcc$ gcc: /usr/bin/gcc icecc: /usr/lib/icecc/bin/gcc nvidia-cuda-toolkit: /usr/lib/nvidia-cuda-toolkit/bin/gcc pentium-builder: /usr/bin/gcc </code></pre> </div> emptystring Yaroslav Polyakov Sun, 01 Jan 2023 15:29:05 +0000 https://dev.to/yaroslaff/fail2ban-regex-works-as-cli-param-but-not-as-file-solution-1bm7 https://dev.to/yaroslaff/fail2ban-regex-works-as-cli-param-but-not-as-file-solution-1bm7 <p>When writing new fail2ban filter, I see my regexes are working well in CLI test, but not from filter.d file.</p> <p>Running from CLI (success):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@liste:/etc/fail2ban/filter.d# fail2ban-regex /var/log/apache2/access_log <span class="s1">'&lt;HOST&gt;.*/cgi-bin/mailman/subscribe/.*'</span> Running tests <span class="o">=============</span> Use failregex line : &lt;HOST&gt;.<span class="k">*</span>/cgi-bin/mailman/subscribe/.<span class="k">*</span> Use log file : /var/log/apache2/access_log Use encoding : UTF-8 Results <span class="o">=======</span> Failregex: 7530 total |- <span class="c">#) [# of hits] regular expression</span> | 1<span class="o">)</span> <span class="o">[</span>7530] &lt;HOST&gt;.<span class="k">*</span>/cgi-bin/mailman/subscribe/.<span class="k">*</span> <span class="sb">`</span>- Ignoreregex: 0 total Date template hits: |- <span class="o">[</span><span class="c"># of hits] date format</span> | <span class="o">[</span>7796] Day<span class="o">(</span>?P&lt;_sep&gt;[-/]<span class="o">)</span>MON<span class="o">(</span>?P<span class="o">=</span>_sep<span class="o">)</span>ExYear[ :]?24hour:Minute:Second<span class="o">(</span>?:<span class="se">\.</span>Microseconds<span class="o">)</span>?<span class="o">(</span>?: Zone offset<span class="o">)</span>? <span class="sb">`</span>- Lines: 7796 lines, 0 ignored, 7530 matched, 266 missed <span class="o">[</span>processed <span class="k">in </span>1.68 sec] Missed line<span class="o">(</span>s<span class="o">)</span>: too many to print. Use <span class="nt">--print-all-missed</span> to print all 266 lines </code></pre> </div> <p>7.5K matched. Great! now, put this regex into file:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[INCLUDES] before = common.conf [Definition] failregex = &lt;HOST&gt;.*/cgi-bin/mailman/subscribe/.* ignoreregex = </code></pre> </div> <p>And.... 0 matched! :-(<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@liste:/etc/fail2ban/filter.d# fail2ban-regex /var/log/apache2/access_log /etc/fail2ban/filter.d/mailman-subscribe.conf ... Lines: 7796 lines, 0 ignored, 0 matched, 7796 missed </code></pre> </div> <p>Solution: just add empty <code>datepattern =</code> to rule.</p> <p>And now:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>root@liste:/etc/fail2ban/filter.d# fail2ban-regex /var/log/apache2/access_log /etc/fail2ban/filter.d/mailman-subscribe.conf ... Lines: 7796 lines, 0 ignored, 7530 matched, 266 missed </code></pre> </div> security discuss Yaroslav Polyakov Sun, 25 Dec 2022 16:25:52 +0000 https://dev.to/yaroslaff/svelte-kit-with-hmr-over-nginx-2pl2 https://dev.to/yaroslaff/svelte-kit-with-hmr-over-nginx-2pl2 <p>I need to use svelte-kit over nginx reverse proxy (because of third-party cookies which requires HTTPS). If you will just make simple proxy on nginx, pages will load, but HMR will not work. You will get this error message on console:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>[vite] failed to connect to websocket. your current setup: (browser) example.com/ &lt;--[HTTP]--&gt; localhost:5173/ (server) (browser) example.com:/ &lt;--[WebSocket (failing)]--&gt; localhost:5173/ (server) Check out your Vite / network configuration and https://vitejs.dev/config/server-options.html#server-hmr . (anonymous) @ client.ts:48 (anonymous) @ client.ts:99 </code></pre> </div> <p>Problem is you cannot easily proxy HTTP + websocket over one nginx server. But solution is simple:</p> <p>add <code>server.hmr.clientPort</code> to <code>vite.config.js</code>:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight javascript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">sveltekit</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@sveltejs/kit/vite</span><span class="dl">'</span><span class="p">;</span> <span class="cm">/** @type {import('vite').UserConfig} */</span> <span class="kd">const</span> <span class="nx">config</span> <span class="o">=</span> <span class="p">{</span> <span class="na">plugins</span><span class="p">:</span> <span class="p">[</span><span class="nf">sveltekit</span><span class="p">()],</span> <span class="na">server</span><span class="p">:</span> <span class="p">{</span> <span class="na">hmr</span><span class="p">:</span> <span class="p">{</span> <span class="na">clientPort</span><span class="p">:</span> <span class="mi">5111</span> <span class="p">}</span> <span class="p">}</span> <span class="p">};</span> <span class="k">export</span> <span class="k">default</span> <span class="nx">config</span><span class="p">;</span> </code></pre> </div> <p>This will make wss to work over different port, so you can use different configuration for HTTP and websockets in nginx:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight nginx"><code><span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">443</span> <span class="s">ssl</span><span class="p">;</span> <span class="kn">server_name</span> <span class="s">example.com</span><span class="p">;</span> <span class="kn">ssl_certificate</span> <span class="n">/etc/ssl/private/cert.pem</span><span class="p">;</span> <span class="kn">ssl_certificate_key</span> <span class="n">/etc/ssl/private/key.pem</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:5173</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> <span class="k">server</span> <span class="p">{</span> <span class="kn">listen</span> <span class="mi">5111</span> <span class="s">ssl</span><span class="p">;</span> <span class="kn">ssl_certificate</span> <span class="n">/etc/ssl/private/cert.pem</span><span class="p">;</span> <span class="kn">ssl_certificate_key</span> <span class="n">/etc/ssl/private/key.pem</span><span class="p">;</span> <span class="kn">location</span> <span class="n">/</span> <span class="p">{</span> <span class="kn">proxy_pass</span> <span class="s">http://127.0.0.1:5173</span><span class="p">;</span> <span class="kn">proxy_http_version</span> <span class="mf">1.1</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Upgrade</span> <span class="nv">$http_upgrade</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Connection</span> <span class="s">'upgrade'</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">Host</span> <span class="nv">$host</span><span class="p">;</span> <span class="kn">proxy_set_header</span> <span class="s">X-Forwarded-Proto</span> <span class="nv">$scheme</span><span class="p">;</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>Now hot module reloading (HMR) works over nginx!</p> sveltekit nginx hmr vite